Posted: 06 Mar 2014 13:07:51
|We have had a small number of reports from customers who have had the DNS settings on their routers altered. The IPs we are seeing set are 22.214.171.124 and 126.96.36.199 (there may be others)
This type of attack is called Pharming. In short, it means that any internet traffic could be redirected to servers controlled by the attacker.There is more information about pharming on the following pages: https://www.team-cymru.com/ReadingRoom/Whitepapers/2013/TeamCymruSOHOPharming.pdf http://www.team-cymru.com/ReadingRoom/Whitepapers/SOHOPharming.html
At the moment we are logging when customers try to accesses these IP addresses and we are then contacting the customers to make them aware.
To solve the problem we are suggesting that customers replace the router or speak to their local IT support.
06 Mar 2014 13:33:10
|Changing the DNS settings back to auto, changing the administrator password and disabling WAN side access to the router may also prevent this from happening again.|
06 Mar 2014 13:48:14
|Also reported here: http://www.pcworld.com/article/2104380/|
|Resolution||We have contacted the few affected customers.|
|Started||06 Mar 2014 09:00:00|
|Closed||11 Mar 2014 09:32:42|
11 Mar 2014 09:32:42
[Broadband and Ethernet] Attackers altering the DNS configuration on some routers - Closed